Why does my AWS CLI hang when I try to do any operation in my new Amazon Linux instance?
I have provisioned a new EC2 instance using CloudFormation and set up the network ACLs with the following rules:
INBOUND
100 HTTP (80) TCP (6) 80 0.0.0.0/0 ALLOW
102 SSH (22) TCP (6) 22 0.0.0.0/0 ALLOW
104 Custom TCP Rule TCP (6) 1024-65535 0.0.0.0/0 ALLOW
* ALL Traffic ALL ALL 0.0.0.0/0 DENY
OUTBOUND
100 HTTP (80) TCP (6) 80 0.0.0.0/0 ALLOW
102 Custom TCP Rule TCP (6) 1024-65535 0.0.0.0/0 ALLOW
* ALL Traffic ALL ALL 0.0.0.0/0 DENY
I have assigned an IAM role with the following policy to the instance:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1427889375000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::my-bucket/*"
]
}
]
}
When the instance boots, I can SSH into it, but when I run the following:
aws s3 ls s3://my-bucket
It just hangs. When I press CTRL+C, I get the following stack trace:
Traceback (most recent call last):
File "/usr/bin/aws", line 27, in <module>
sys.exit(main())
File "/usr/bin/aws", line 23, in main
return awscli.clidriver.main()
File "/usr/lib/python2.7/dist-packages/awscli/clidriver.py", line 50, in main
return driver.main()
File "/usr/lib/python2.7/dist-packages/awscli/clidriver.py", line 197, in main
return command_table[parsed_args.command](remaining, parsed_args)
File "/usr/lib/python2.7/dist-packages/awscli/customizations/commands.py", line 185, in __call__
parsed_globals)
File "/usr/lib/python2.7/dist-packages/awscli/customizations/commands.py", line 182, in __call__
return self._run_main(parsed_args, parsed_globals)
File "/usr/lib/python2.7/dist-packages/awscli/customizations/s3/subcommands.py", line 330, in _run_main
self._list_all_objects(bucket, key, parsed_args.page_size)
File "/usr/lib/python2.7/dist-packages/awscli/customizations/s3/subcommands.py", line 352, in _list_all_objects
for response_data in iterator:
File "/usr/lib/python2.7/dist-packages/botocore/paginate.py", line 70, in __iter__
response = self._make_request(current_kwargs)
File "/usr/lib/python2.7/dist-packages/botocore/paginate.py", line 116, in _make_request
return self._method(**current_kwargs)
File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 187, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 231, in _make_api_call
operation_model, request_dict)
File "/usr/lib/python2.7/dist-packages/botocore/endpoint.py", line 173, in make_request
return self._send_request(request_dict, operation_model)
File "/usr/lib/python2.7/dist-packages/botocore/endpoint.py", line 201, in _send_request
request, operation_model, attempts)
File "/usr/lib/python2.7/dist-packages/botocore/endpoint.py", line 231, in _get_response
proxies=self.proxies, timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/adapters.py", line 370, in send
timeout=timeout
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 518, in urlopen
body=body, headers=headers)
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 322, in _make_request
self._validate_conn(conn)
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 727, in _validate_conn
conn.connect()
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connection.py", line 204, in connect
conn = self._new_conn()
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/connection.py", line 134, in _new_conn
(self.host, self.port), self.timeout, **extra_kw)
File "/usr/lib/python2.7/dist-packages/botocore/vendored/requests/packages/urllib3/util/connection.py", line 78, in create_connection
sock.connect(sa)
File "/usr/lib64/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
KeyboardInterrupt
It looks like a network issue, but I'm not sure what it is.
I can access the internet from the instance, which I confirmed with:
[ec2-user@ip-10-1-1-100 aws-bootstrapping]$ curl -I www.google.com
HTTP/1.1 302 Found
Location: http://www.google.ie/?gws_rd=cr&ei=-eEbVc_ZIobm7gaW7YC4Bw
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=679f042abd7bfd64:FF=0:TM=1427890681:LM=1427890681:S=cJBdhGCXJhkFNjOk; expires=Fri, 31-Mar-2017 12:18:01 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=KgZ3BLHR3Nu08xwiXhQHX4n3hnj1ME4tXzHe8OGH0h6d1sPJwK1VVHi9soPkB_JY9PqAiuRvDQ1_7PA3wd5tYPATrwP5dCoCcqsInoxT-tbGWo37qcWl7aUHZNvCA0Cp; expires=Thu, 01-Oct-2015 12:18:01 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Wed, 01 Apr 2015 12:18:01 GMT
Server: gws
Content-Length: 258
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0.5
It looks like you are not allowing SSL (443) traffic outbound. By default, the AWS CLI connects to AWS services over SSL endpoints.
The AWS CLI makes API calls to services over HTTPS. Outbound connections on TCP port 443 must be enabled for the calls to succeed.
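The following is an added example, not part of the original question or answers: it evaluates the question's network ACL the way a VPC does (ascending rule number, first match wins, implicit deny, no connection state) to show why `curl` on port 80 works while the CLI's HTTPS connection is silently dropped and `sock.connect` blocks. The `Rule` type, the helper names, the client port 49152 and the new rule number 101 are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    number: int               # evaluated in ascending order; first match wins
    protocol: str             # "tcp" or "all"
    ports: Optional[range]    # None means any port
    allow: bool

# Rules transcribed from the question. Every rule uses CIDR 0.0.0.0/0,
# so CIDR matching is left out of this model.
INBOUND = [
    Rule(100, "tcp", range(80, 81), True),
    Rule(102, "tcp", range(22, 23), True),
    Rule(104, "tcp", range(1024, 65536), True),
]
OUTBOUND = [
    Rule(100, "tcp", range(80, 81), True),
    Rule(102, "tcp", range(1024, 65536), True),
]

def evaluate(rules, protocol, port):
    """Return (allowed, matching rule number); '*' is the final deny-all rule."""
    for rule in sorted(rules, key=lambda r: r.number):
        port_ok = rule.ports is None or port in rule.ports
        if rule.protocol in ("all", protocol) and port_ok:
            return rule.allow, rule.number
    return False, "*"

def round_trip(inbound, outbound, dest_port, client_port=49152):
    """Network ACLs are stateless: the request must pass outbound to dest_port
    and the reply must pass inbound to the client's ephemeral port."""
    out_ok, out_rule = evaluate(outbound, "tcp", dest_port)
    in_ok, in_rule = evaluate(inbound, "tcp", client_port)
    return out_ok and in_ok, out_rule, in_rule

def with_https_egress(outbound):
    """Corrected outbound list: adds an allow rule for TCP 443 (number 101 is constructed)."""
    return outbound + [Rule(101, "tcp", range(443, 444), True)]

if __name__ == "__main__":
    print("curl, port 80:      ", round_trip(INBOUND, OUTBOUND, 80))
    print("aws cli, port 443:  ", round_trip(INBOUND, OUTBOUND, 443))
    print("443 after the fix:  ", round_trip(INBOUND, with_https_egress(OUTBOUND), 443))
```

The inbound ephemeral-port rule (104) already admits the replies, so the only missing piece in the question's ACL is the outbound allow for TCP 443.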
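We ran into this issue today, and the problem was in the aws config. We were referring to a region that does not exist. Use aws --debug to help you figure out what the problem is.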
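In my case, I was running AWS CLI 2 (2.0.0) in a Pod, and at the same time I had applied some network policies that denied all egress traffic.
Deleting the network policies fixed the issue: k delete networkpolicies --all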
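I had the same issue, but updating the security group did not solve it. Using debug mode, I found that the problem was my Python version. I was using 3.6.8. Updating it to 3.7.7 solved the problem.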